Mandriva Linux Security Advisory : libevent (MDVSA-2015:017-1)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated libevent packages fix security vulnerability :

Andrew Bartlett of Catalyst reported a defect affecting certain
applications using the Libevent evbuffer API. This defect leaves
applications which pass insanely large inputs to evbuffers open to a
possible heap overflow or infinite loop. In order to exploit this
flaw, an attacker needs to be able to find a way to provoke the
program into trying to make a buffer chunk larger than what will fit
into a single size_t or off_t (CVE-2014-6272).

See also :

http://advisories.mageia.org/MGASA-2015-0009.html

Solution :

Update the affected lib64event-devel and / or lib64event5 packages.

Risk factor :

High

Family: Mandriva Local Security Checks

Nessus Plugin ID: 80436 ()

Bugtraq ID:

CVE ID: CVE-2014-6272

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now